fix(eip712): signature-request display fixes + core address Key decoding#1366
Conversation
Signed-off-by: ost-ptk <ostap@make.services>
Signed-off-by: ost-ptk <ostap@make.services>
… error key to signTypedDataEIP712 Signed-off-by: ost-ptk <ostap@make.services>
…gs to signTypedDataEIP712 Signed-off-by: ost-ptk <ostap@make.services>
# Conflicts: # package-lock.json # package.json
| .replace(/\s+/g, ' ') | ||
| .trim() | ||
| .split(' ') | ||
| .map(word => capitalizeString(word)) |
There was a problem hiding this comment.
formatPrimaryTypeLabel throws a TypeError on separator-only input.
After .replace(/[_-]+/g, ' ')…trim(), an input made up only of separators/whitespace reduces to '', and ''.split(' ') yields [''] — so capitalizeString('') runs ''[0].toUpperCase() → undefined.toUpperCase() and throws. The early if (!value) guard only catches empty/undefined, not '_' / '__' / '-' / ' '.
"_" => THROWS: Cannot read properties of undefined (reading 'toUpperCase')
"__" => THROWS: ...
" " => THROWS: ...
This is reachable from untrusted input: primaryType is a dapp-supplied string (SignTypedDataParams.primaryType: string) passed straight to formatPrimaryTypeLabel(signatureRequest.primaryType) in sign-eip712-content.tsx with no wallet-side validation. _ is a valid EIP-712 / Solidity type identifier, so a dapp can send primaryType: "_" and crash the signature-request render.
Suggested fix — drop empty segments after the split:
.split(' ')
.filter(Boolean)
.map(word => capitalizeString(word))
.join(' ');There was a problem hiding this comment.
Good catch — fixed in 8580c2d. Added .filter(Boolean) after the split to drop empty segments, plus a regression test covering "_", "__", "-" and " " (all now return "" instead of throwing).
Separator-only primaryType values (e.g. "_", "__", "-") reduced to an empty string after normalization, producing an empty segment that crashed capitalizeString with a TypeError. Since primaryType is dapp-supplied and unvalidated, this could crash the signature-request render. Drop empty segments after splitting.
…dback # Conflicts: # package-lock.json # package.json
What
EIP-712 signature-request display fixes (WALLET-1251) from QA re-test, plus the
casper-wallet-corebump that carries the address Key-decoding and date logic.Changes
formatPrimaryTypeLabelsplits the camelCaseprimaryTypeso the message header reads "TRANSFER WITH AUTHORIZATION" instead of an unreadable run-on word.casper-wallet-coreto pick up: EIP-712addressvalues decoded as Casper Keys (a contract package address is no longer shown as a "Public key"), timestamp dates + sentinels ("Always" / "No expiry"), and CAIP-2 chain names.Notes
eip712-naming-alignment(PR refactor(eip712): align signTypedData onto signTypedDataEIP712 convention #1360); retarget todeveloponce that merges.Depends on